The Masked Man, a German serial killer, was arrested in 2011. Police couldn’t decipher his encrypted storage devices. Now he has revealed his encryption passwords.

From 1992 German police sought a man, who sexually assaulted dozens of children. The press called him the “Masked Man” after the mask he wore according to testimonies. The following picture shows an identikit.

The crimes attributed to the Masked Man

In addition to almost 40 other sexual offences, the Mask Man was suspected to have committed five murders:

In 1992 he presumedly killed 13-year-old Stefan Jahr.

In 1995 8-year-old Dennis Rostel was abducted from a lake in Northern Germany. His dead body was later found in Denmark.

In 1998 the Masked Man presumedly murdered 11-year-old Nicky Verstappen in the Netherlands.

In 2001 he presumedly killed 9-year-old Dennis Klein.

In 2004 11-year-old Jonathan Coulom from France went missing and was later found dead.

Police authorities in Germany, the Netherlands, and France worked together to solve the Masked Man case. For years they had no success. The case received a great deal of media attention.

In 2011 a tip from a sexual assault victim finally led police to a man named Martin Ney from Hamburg.

When interrogated, Ney confessed to the three murders committed in Germany and about 40 incidents of sexual assault against children. However, he denied having killed Nicky Verstappen and Jonathan Coulom. No proof could be found in these cases. For the murders he admitted, Ney was condemned to life in prison.

The Masked Man’s encrypted disks

After havin arrested Ney, police seized his computer. Additional storage devices he had used were found months later by a new tenant of his appartment.

As it turned out, Ney’s computer hard drive and his additional storage devices were encrypted. Of course, police was interested in deciphering these data. They might have revealed whether Ney was guilty of the murders in Denmark and the Netherlands and possibly other crimes.

Police never revealed, which encryption product Ney had used. It might have been the open-source software TrueCrypt, which was the most popular of its kind at the time.

IT forensic experts could not decipher Ney’s storage devices without knowing his passwords. However, Ney refused to reveal them. For years, experts at the Lower Saxony Police Department operated a password guessing software, which tested thousands of password candidates per seconds, but to no avail.

I blogged on the Masked Man caseseveraltimes (in German). For years, there was no progress.

Passwords revealed, nothing found

Yesterday, several German news portals (e.g. Spiegel Online) reported on a new development in the Mask Man case (thanks to Tobias Schrödel, John Haas and Dr. Karsten Hansky for the hint).

As it seems, already last year Martin Ney revealed his encryption passwords. Police only now made this public.

Meanwhile investigators have recovered Ney’s encrypted files and assessed them. According to a police spokesman, so far nothing was found that proves that Ney committed further crimes.

Similar cases

There are many other cases, in which a criminal or a crime suspect used encryption on his or her computer. Check here for a comprehensive list I have assembled. In some cases police was able to decipher the data, but usually this didn’t work. Modern encryption algorithms are so strong that even the best experts can’t break them. However, it is sometimes possible to retrieve the key, e.g., by guessing the password it was derived from.

A recent case involves four drug dealers from Toronto, Canada, who are accused of having hired a contract killer to murder a rival. The four sent each other encrypted text messages. Apparently, police could break these (as usual, nothing is known about the details, e.g., the encryption software used). According to the Crown, the content of these messages refers to the murder plan. However, this has yet to be proven. One of the attorneys said that the text messages are just “macho trash talk from a bunch of criminals.”Follow @KlausSchmeh